REMARKS 

Applicants respectfully request further examination and reconsideration in 
view of the instant response. Claims 1-20 remain pending in the case. Claims 1- 
20 are rejected. Claims 1, 3, 9-17 and 20 are amended herein. No new matter 
has been added. 
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Claim Objections 
Claims 1, 3, 9-17, and 20 are objected to because of informalities. 
Applicants wish to thank the Examiner for indicating the informalities. As such, 
Applicants have amended Claims 1, 3, 9-17, and 20 to overcome the objections. 
Accordingly, Applicants respectfully request the objections be removed. 
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Claim Rejections 
112 

Claims 15-20 are rejected under U.S.C. 112, second paragraph, as being 
indefinite for failing to particularly point out and distinctly claim the subject matter 
which Applicant regards as the invention. Applicants have amended 
Independent Claim 15 to overcome the lack of antecedent basis for the term 
"said network." As such, Applicants respectfully request the rejection be 
removed. 

35 U.S.C. §1 02(a)- Claims 1-6. 8-11. 14-18 and 20 
Claims 1-6, 8-11, 14-18 and 20 are rejected under 35 U.S.C. §1 02(a) as 
being anticipated by Copeland III (2002/0144156). Applicants have reviewed the 
cited reference and respectfully submit that the embodiments of the present 
invention as recited in Claims 1-6, 8-11, 14-18 and 20 are not anticipated by 
Copeland for at least the following rationale. 

Applicants respectfully direct the Examiner to independent Claim 1 that 
recites that an embodiment of the present invention is directed to (emphasis 
added): 

A method for verifying port mapping integrity in a network, 
comprising: 

accessing port binding information in a port authorization file 
in said network; 

querying a port mapper for a mapped port assignment: 
comparing said mapped port assignment to said port binding 
information : and 

initiating a response to said comparing 
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Independent Claims 8 and 15 recite similar features. Claims 2-6, that depend 
from independent Claim 1 , Claims 9-1 1 and 14 that depend from Independent 
Claim 8, and 16-18 and 20 that depend from Independent Claim 15 also include 
these features. 



MPEP §2131 provides: 

"A claim is anticipated only if each and every element as set forth in 
the claim is found, either expressly or inherently described, in a 
single prior art reference." Verdegaal Bros. v. Union Oil Co. of Cali- 
fornia, 814 F.2d 628, 631, 2 USPQ2d 1051, 1053 (Fed. Cir. 1987). 
... "The identical invention must be shown in as complete detail as is 
contained in the ... claim." Richardson v. Suzuki Motor Co., 868 F.2d 
1226, 1236, 9 USPQ2d 1913, 1920 (Fed. Cir. 1989). The elements must 
be arranged as required by the claim. 



Applicants respectfully submit that Copeland is very different from the 
claimed embodiments and fails to teach or suggest each element of Independent 
Claim 1 . Similarly, Applicants submit that Copeland fails to teach or suggest the 
claimed features of Independent Claims 8 and 15. 



Applicants understand Copeland to teach a port profiling engine that 
"analyzes the flow data to distinguish legitimate flows from probes" (paragraph 
[0060]. Copeland stores "the most commonly seen network services" for each IP 
address. Data flows are then compared to "the most commonly seen network 
services" for each IP address to determine if the traffic is legitimate. 



App. No.: 10/637,172 



-9- 



Examiner: Pich 
Art Unit: 2135 



Applicants submit that Copeland fails to teach or suggest "comparing said 
mapped port assignment to said port binding information," as claimed. With the 
present claimed invention, the port binding information is established during 
initialization of the network (page 9 of the specification) and is not based on 
observed data flow as with Copeland. 

The examiner has indicated that the "port binding information" of the 
present invention is "information listing which ports are actually being used." This 
comparison is incorrect. As stated in the specification, the port binding 
information is established during initialization of the network (page 9 of the 
specification). The port binding information is not based on port usage. In other 
words, the port binding information is not directly related to "the ports actually 
being used" because unauthorized activity may be "using a port" but would not 
have corresponding port binding information. The present invention compares 
"the ports actually being used" to the "port binding information" to determine un- 
authorized port usage. 

The "seen today" list of Copeland is vulnerable to attack. If the "seen 
today" list of Copeland is compromised, there is no way of identifying un- 
authorized port usage. In opposition, with the present invention, if the " mapped 
port assignment " is compromised, the un-authorized port usage will be identified 
when the " mapped port assignment" is compared to the port binding information 
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because they will be different. Copeland fails to teach or suggest comparing 
mapped port assignment to port binding information, as claimed. 

For this rational, Copeland does not teach or suggest every element of 
Independent Claim 1 and similarly, Independent Claims 8 and 15. As such, 
Applicants believe Claims 1-6, 8-11, 14-18 and 20 are not anticipated by 
Copeland and respectfully request the rejection be removed. 
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35 U.S.C. §103(a) - Claims 7. 12. and 19 
Claims 7, 12 and 19 are rejected under 35 U.S.C. 103(a) as being 
unpatentable Copeland in view of Hrabik (6,988,208). The rejection is 
respectfully traversed for the following rational. 

To establish prima facie obviousness of a claimed invention, all the 
claim limitations must be taught or suggested by the prior art. In re Royka, 
490 F.2d 981, 180 USPQ 580 (CCPA 1974). (MPEP 2143.03). 

As stated above, Copeland fails to teach or suggest "comparing said 
mapped port assignment to said port binding information," as claimed. 
Applicants submit that Hrabik fails to remedy the deficiencies of Copeland. 

In particular, Hrabik fails to teach or suggest "comparing said mapped port 
assignment to said port binding information," as claimed. Hrabik may teach a 
system for testing the integrity of a device on a target network (column 7, lines 
16-17), however, Hrabik is silent to "comparing said mapped port assignment to 
said port binding information," as claimed. Hrabik uses "multiple views" of 
network activity to determine attacks (column 8, lines 20-40) which is very 
different from "comparing said mapped port assignment to said port binding 
information," as claimed. 
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As such, Claims 7, 12 and 19 are patentable over Copeland in view of 
Hrabik. Applicants respectfully request the rejection be removed for the rational 
presented above. 

35 U.S.C. 5103(a)- Claim 13 
Claim 13 is rejected under 35 U.S.C. 103(a) as being unpatentable over 
Copeland in view of Nickles (6,134,591). The rejection is respectfully traversed 
for the following rational. 

To establish prima facie obviousness of a claimed invention, all the 
claim limitations must be taught or suggested by the prior art. In re Royka, 
490 F.2d 981, 180 USPQ 580 (CCPA 1974). (MPEP 2143.03). 

As stated above, Copeland fails to teach or suggest "comparing said 
mapped port assignment to said port binding information," as claimed. 
Applicants submit that Nickles fails to remedy the deficiencies of Copeland. 

Nickles ,may teach the use of a digital signature to verify the source of 
data (column 10, lines 10-38), however, Nickles fails to teach or suggest 
"comparing said mapped port assignment to said port binding information," as 
claimed. 

Furthermore, Nickles teaches awav from the present invention by 
describing in column 9, lines 25-30 "the random port generator module 88 
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randomly selects an unused port for which communication." Random selection 
of port assignment would greatly compound the difficulty of maintaining the "port 
binding information" of the present invention. 

For this rational, Claim 13 is patentable over Copeland in view of Nickles. 
Applicants respectfully request the rejection be removed. 
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CONCLUSION 

Based on the arguments presented above, Applicants respectfully assert 
that Claims 1-20 overcome the rejections of record and, therefore, Applicants 
respectfully solicit allowance of these Claims. 



Dated: /y/y , 2007 
Address: 



Respectfully submitted, 
Wagner Blecher L.L.P. 




John P. Wagner, Jr. 
Registration No. 35,398 

WAGNER BLECHER LLP 
Westridge Business Park 
123 Westridge Drive 
Watsonville, California 95076 
(408) 377-0500 
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